[Opendnssec-user] Running signer with zone fetcher
Antti Ristimäki
aristima at csc.fi
Tue Oct 13 15:00:25 UTC 2009
On Mon, 12 Oct 2009, Matthijs Mekking wrote:
Hi Matthijs,
Just for your information, I now managed to make the zone fetcher work.
The reason was that a local firewall filter blocked the UDP response
packets coming from the hidden master. That's why the zone fetcher failed
to query for the SOA serial.
Sorry for unnecessary harm and thanks for your help!
Best regards,
Antti
> Antti Ristimäki wrote:
>> Hi Matthijs,
>>
>> Yes, the server is reachable on port 8054 and AXFR query with dig, for
>> example, works. The zone fetcher will obviously use the <NotifyListen>
>> address as a source address when querying for AXFR?
>
> No. The NotifyListen is only for listening to NOTIFY messages. When
> quering for AXFR, a new socket will be created that can have a different
> address structure. I think you request a feature to set the outgoing
> interface for AXFR?
>
> Best regards,
>
> Matthijs
>
More information about the Opendnssec-user
mailing list